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ABSTRACT 



A system and method for providing protection of content 
which may be transmitted over unsecure channels, including 
storage and transmission in bulk media, transmission over a 
network such as the Internet, transmission between compo- 
nents of an open system, and broadcast transmitted, to 
compliant storage devices and/or compliant use devices is 
disclosed. The technique for providing protection from 
unauthorized utilization of the content so stored is provided 
publicly in order to allow for those utilizing a conforming 
media device to master or generate content protected accord- 
ing to the present invention. According to a preferred 
embodiment, public key cryptography is utilized to identify 
compliant devices and to transmit cryptographic keys pro- 
tecting content data. In the preferred embodiment content is 
protected using private key cryptography to optimize system 
performance. 

32 Claims, 4 Drawing Sheets 
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MEDIA CONTENT PROTECTION appreciated that other specific content infrastructures, such 

UTILIZING PUBLIC KEY CRYPTOGRAPHY as those available for video content, suffer from all or some 

of the shortcomings described herein. 

RELATED APPLICATIONS ^ ost existing implementations existing today with 

The present application is a continuation-in-part applica- 5 rcs P ect t0 thc distribution of mu sic content are not very 

tion of co-pending commonly assigned, United States patent seauo in that lhey can be imerce P ted at levels that are 

application Ser. No. 09/129,370, field Aug. 5, 1998 now U.S. beyond the encryption. For example, most systems are 

Pat. No. 6,438,235, the disclosure of which is incorporated currently based on proprietary protocols that are not neces- 

herein by reference. sanlv verv secure, i.e., they rely on the secrecy of the 

10 algorithm to be secure. 

TECHNICAL HELD Other systems are susceptible to problems such as record 

rp. ♦ • . • i . ancI replay* where a conversation is watched and then later 

I he present invention relates to the protection i i • i * r . , 

, -u • j .... ■ , piuicniuu, reproduced in order to counterfeit another authorization, 

distribution, acquisition, and utilization of content, such as u . .u i_- ■ „ . 

, • ♦ . j ■ u u ^ uulcm » BUCU - * such as to another machine not originally pnvy to the 

digital music content, and more particularly to systems and is *• o u . i_ • / 

* , - . ' .. f* 1 "^" 1 * 111 / lu ^a^ma duu conversation. Such techniques are facilitated as the 

methods tor providing distribution of such content over ♦ a a * * c *u 

* . ,. & , . . . rr 1 encrypted data in many of the present systems is sent in a 

unsecure communication channels, including open systems • r**i u*i > i • j 

^u^*u t t ™ » a « ui * u i_ r i c single direction, i.e., little or no bilateral communication and 

such as the Internet, and establishing a robust set of rules for u-i • i * i 

tU t . . . rv c . fe aiu " uaia * lul - lulcslul no bilateral secure communication. Accordingly, a parasitic 

the authorized utilization of such content. . u j i j i . • , 

system may be deployed on a legitimate communication link 

BACKGROUND 2 ° t0 s * m P* v recor ^ wnat i s being communicated between the 

systems communicating according to the particular security 

Currently there are various schemes in pi ace for providing technique, i.e., record the conversation. For example, if it 

controlled or secure access to content such as may be were desired to download music content to playback 

recorded on bulk media and/or communicated from bulk machine A and B, it is often possible to establish a legitimate 

media to user devices, such as user bulk media storage 25 dialogue between playback machine A and a service host 

devices, content players, and the like. Specifically, comput- system for receipt of a copy, via encrypted methods, of the 

ers and unprotected networks are currently used for distri- music content which has been paid for. However, if a 

bution of copyrighted material, and such use is expected to computer or other system is coupled to the link, it may 

grow rapidly in the future. record this conversation, although it does not understand the 

However, a computer is typically not a closed system, as actual information being exchanged. Thereafter, this con- 
it is generally composed of components, i.e., motherboard, versation may be replayed from the computer to playback 
video display adaptor, sound card, disk drive controller card, device B to convince playback device B it has received an 
etcetera, made from many manufacturers. Accordingly, authorized copy of the music content, 
these components, as well as a network of the computers 35 Moreover, a significant portion of the software which 
themselves, typically communicate, both internally and handles the transfer or playback of such content is vulner- 
externally, over well documented interfaces. These inter- able to just snooping the data after a decryption step has 
faces include both hardware and software, e.g., application been done on a host system. In this regard, one unauthorized 
programing interface (API). Because there are many unpro- access ("hacking") technique that is very common is to 
tected points in such systems, content that is to be protected 4Q develop a piece of code that emulates, or otherwise pretends 
is often encrypted. to be, a device used according to a legitimate use of the 

Schemes have been developed, utilizing thc above men- content, such as a sound card used in a playback of music 

tioned encryption, to protect content so that the owners of content. However, rather than, or in addition to, performing 

content can make content available to authorized users, tne authorized function, such pieces of code may in fact 

while restricting unauthorized use, such as preventing the 45 syphon the data off into an unprotected file, or other 

making of additional copies by an otherwise authorized user. destination, to allow its unrestricted subsequent access. 

However, these schemes often suffer disadvantages in These techniques take advantage of steps in which the 

requiring that the schemes themselves be kept secret in order content is not closely controlled. 

to maintain security. Accordingly, the schemes may be These techniques have been accepted in the past, in spite 

implemented only by trusted parties in order to maintain the 50 of their inherent shortcomings, as the provision of content 

secret. Likewise, these schemes often rely on the total over unsecured communication links has been relatively 

secrecy of cryptographic keys used by the scheme, as insignificant as compared to more mainstream distribution, 

publication of such a key may result in loss of security for acquisition, and utilization methods. However, the online 

all or multiple parties using the scheme. Additionally, trans- music industry has been growing to a point where control- 

fcr schemes that are in place today suffer from problems 55 ling the unauthorized use of content is becoming a signifi- 

with interception of thc content, such as between compo- cant issue. Specifically, as the distribution of content through 

nents of a compliant system, in such a way as to allow its such means expands to include major studios, adoption of a 

unrestricted or unauthorized use. secure protocol for the exchange and utilization of content 

The relatively recent advent, and subsequent seemingly has become more important, 

ubiquitous acceptance, of personal general purpose comput- 60 The adoption of different security techniques is compli- 

ers the Internet, and other wide spread data networks, and cated by the fact that such content is often downloaded to or 

digital devices, such as portable digital media players, has utilized by general purpose computers as described above, 

spawned the proliferation of new scenarios for the distribu- However, most of the components within such a computer 

tion and utilization of digital content, such as music content. are shared by a wide variety of applications, many of which 

Accordingly, one area of particular concern with respect to 65 require some level of protection for data. Implementing a 

controlling the transmission, reception, and/or use of content separate protection scheme for different data types is an 

is the distribution of music content. However, it should be expensive proposition. Furthermore, requiring that indi- 
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vidual general purpose devices, whether individually oper- technique, which itself is public, where only a subset of the 

able or operably with a general purpose computer, under- individual cryptographic keys used thereby need remain 

stand anything about the content it is holding is highly private. Therefore, sensitive information, such as a crypto- 

infeasible. Specifically, the processing power required to grap hic key associated with particular content (a content 

understand the content would be extremely expensive. 5 key)i may ^ provid ed to such devices without substantial 

Moreover, accurate y understanding the content would be fear that such information ^ be publica n y disseminated, 

unreliable, as unrelated content may resemble protected - 

information, particularly as the amount of content protected Preferably, traditional well-understood encryption 

grows to include more and more works and/or types of techniques, such as public key (asymmetric) and/or private 

content. kev (symmetric) cryptography, are utilized according to the 

Schemes to block access to the main data of the infer- 10 DreseDt inve ntion as the y have been W «H documented in the 

mation are highly impractical in a computer environment. encryption community for a long period of time and have 

Storage devices cannot typically identify what process is been P roven to be very effective at providing security, 

requesting information. For example, the current definition Moreover, the infrastructure for employing such encryption 

of the content scrambling scheme (CSS) for protecting DVD techniques, such as the algorithms and components provid- 

video requires that DVD-ROM drives disallow access to 15 ing cryptographic operations, i.e., exponentiation and modu- 

protected sectors until the DVD-ROM drive has verified that lus operations, are commonly available and in many cases 

there is a compliant decoder in the system. However, once already deployed in systems. 

that identification has taken place, any process can read the In order to be available to all desiring the protection of 

protected data. Inis requirement has added expense and such a s ^ lhe mle& for generatiag keys 

suitable for use 

complexity to implementations for almost no extra prolec- 20 icC0ldiDg to the present invention are preferably public. As 

y ' i t* t . _ , the technique itself, as well as the rules for ceneratinc 

In order tor the exchange and utilization of music or other L- 1 * u .-i- j ,u .,. 

nrtB(a . t „ . m . , t , . * cryptographic keys to be utilized therewith, are public, the 

content to become as widely accepted as the media and 7- *• n e ■* , „ lL j ■ • 

distribution techniques it is replacing, tbe rules provided for *? XDi a > ° w * ** ««» «« by all those so desinng. 

its authorized transfer and use according to the securitv 25 Mo ™ ver ' as " » the cryptographic keys themselves, or 

techniques should be robust. Specifically, it would be desir'- portl T thereof> whichare <™nta.ned "curdy in order to 

able to provide rules to allow for use of the content consis- fT , accord,n S lH ,. ,h u e P ref * m "nvenlion, rather 

tent with uses available from more conventional media. lhan relylng °" l u hc secret T lhe . techn »]'« fo , r lhe ' r ««. 

Moreover, it would be preferred to provide for use models com P roralse ° f «» secret information will result in only a 

not possible with more conventional media. 30 COn,ent pr0Vlder usi " g that P ar,1CTllar kev navu >S access t0 

TI , , . , . content compromised. 

However, the present day security techniques, in addition 

to presenting the security shortcomings described above, Operation of the preferred embodiment of the present 

generally have a very limited set of rules associated with the invention is not to allow or disallow any particular 

content. These rules are coupled with the data content in transmission, but rather to obscure the content (information 

order to define what use of the content is authorized accord- 35 or data )» ^'"S crv Ptographic methods, such that only a 

ing to the particular scheme. For example, music content le g lU ™te recipient can make use of that data, i.e., nobody 

equivalent to an album may be distributed online, having but the 0001601 owner ' or lhose authorized by him/her, is able 

rules associated therewith allowing the content to be played to utlhze P rotected me dia content. To this end, the present 

only. Such a rule is often referred to as "copy never." inve ntion utilizes cryptographic algorithms well known in 

Alternatively, the music content may provide for copying 40 the art to provide cryptographic keys useful according to the 

from a computer system which initially downloaded the presenl inventlon - However, the present invention provides 

content to a portable playback device (PD). Such a rule is umque svstems and methods for managing and utilizing 

often referred to as "copy once/' There is typically a state these crv Ptographic keys to thereby provide a cryptographic 

associated with the copy once rule when the copy has key management scheme, wherein the keys may be utilized 

already been made which identifies a copy of an original 45 for encryption or identification, which provides an end-to- 

what was authorized. end encr yP tion technique for distribution of content. 

Accordingly, a need exists in the art for systems and Accordingly, for protected information, neither the data 

methods adapted to allow for the distribution, acquisition, nor tDe XCKi ke ys are present in any unsecure communi- 

and/or utilization of content according to a variety of para- cations channel in decrypted form according to the preferred 

digms. Furthermore, a need exists in the art for distribution, 50 embodiment of the present invention. In order to ensure no 

acquisition, and utilization paradigms both that are consis- data or lhe associated cryptographic keys are presented in 

tent with the paradigms of more traditional media and that anv unsecure communications channel in decrypted form, 

provide new scenarios, such as are particularly well suited to lne Purred embodiment of the presenl invention utilizes 

Internet communication and e-comraerce. compliant hardware and/or software at both ends of such a 

Likewise, a need exists in the art for a more robust set of 55 communication channel. Thus in operation according to this 
rules establishing authorized utilization of content. preferred embodiment, data is only decrypted by compliant 
Moreover, as the user devices, such as content players, or " ic S al " svstcrns - Preferably, legal systems arc defined by 
should understand and honor these rules, a need exists in the thc author or owncr of lhc contem > ™ other entity affiliated 
art for allowing new rules to be established, or existing rules Wlth tne contcnt - Accordingly, systems that art not accept- 
to be altered, enhanced, etcetera. A need therefore exists in ^ able 10 tnis entlt ^ for what ever reason, will not receive an 
the art for user devices, and other equipment, to adapt to appropriate cryptographic key, and thus cannot decrypt the 
such new or altered rules in order to continue to properly information. 

control the content. The most preferred embodiments of the present invention 

SUMMARY OF THE INVENTION ^ im ? lemented at „ least in P arl in haf dware. Such imple- 

ouiviivi^ki ut ii-ib liNVtiiNiiuiN 65 menlallons are p re r erred as software implementations are 

'Ihese and other objects, features and technical advan- more subject to attacks likely to compromise the security, 

tages are achieved by a system and method utilizing a However, a preferred embodiment allows for the use of both 
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hardware and software implementations of the present and/or utilization recognize that this certification authority 
invention and provides for the selection of the particular has certified a particular implementation meets a standard of 
implementations that are acceptable for use with any entity's operation. For example, certification authorities may be 
content individually. For example, the author of the content established for particular types of content, i.e., video, music, 
may decide which receiving entities they trust to keep the 5 etcetera. Additionally or alternatively, various entities may 
integrity of their copyright. Accordingly, for content which establish themselves as those able to adequately test corn- 
is highly valuable, the author may decide that only hardware pliance of devices and, therefore, issue widely accepted 
decoders, or decoders from a particular manufacturer or certificates. Accordingly, any content provider etcetera that 
meeting particular standards, are to be allowed to decode the truste a P articular one of these entities may place their 
content. io certu ^ cates OD an acceptable list, or otherwise allow opera- 

, ... , rtL . ..«..,, tion of devices certified by them. 

In an embodiment of the present invention the individual w . , 

devices, or a class or type of devices, trusted with the content . Moreover, unlike prior art systems, where the scheme 

are provided in a list or other database. Preferably, no unique ltSelf 15 Se " et ' lh ? P re *; rred embodiment of the present 

host or device identifier is available or required according to invenll °" allows the public at large to generate their own 
the present invention. Therefore, changing of devices, such « Protected content without requiring license to the technology 

as for upgrade or due to failure, may be easily and seam- or , rec l uirin g ^ secret information that they do not them- 

lessly accommodated selves generate. This is because the only secrets in the 

,. present technique are ones of the keys themselves and, in 

Preferably, each different device or each different unple- a(k|ilio aUowi lhe fules for tin lne k t0 be 

mentation of the systems and methods of the present inven- bh( . Accordingly, any content provider may establish 

tion have a secret key/public key pair, such as may be protected content and associated key sets usable according 

generated and held secret by the manufacturer of that device. t0 lne presem invention. 

For example, a public/secret key pair is used where the n p A . ' c , u . * *- n c 

, i • ! , u *u c * j « • , Preferred embodiments of the present invention allow for 

secret key is known only by the manufacturer and provided f r , , . ... . . t t . 

i . ' • i r .i_ r , j • the operation of compliant devices with content protected 

only to particular ones of the manufacturer s devices. tn t ,♦• \ c .u i- . 

c i. * j- -j i j • . c . 25 P nor t0 the existence ot particular ones of the compliant 

ihererore, each individual device, sets of associated , • r , . * , r . \ 

, r . , ... devices. For example, using the above preferred embodi- 

devices, or manufacturers devices may utilize a different , i C * i * i ? i i i_ i i • •_ 

, , , , t . i • n »"^»^» menl certificates, later developed playback devices may be 

secret key known only to these devices. However, the j . ... ' - c . ... . . . . 

•j. ... . . c ., . ... , . provided with a certificate enabling their operation with 

corresponding .public key ^preferably w.dely published to con(ent and ^ ibl B distribut ^ di before the 

content providers, certificate autbonties, and/or the like. s , ems and ^ ethods 0 M f th/p^ invention have 

Accordingly, even where a particular device falsely identi- , c # . . , . , . 

c ir j • fl . L • j i- known of these particular playback devices. 

ties itself as a device of the above mentioned list, a content A * . . 

key can be encrypted using the public key of the legitimate . Accordin S . to a P referred embodiment of the present 

device to prevent unauthorized utilization of the content. '"venuon, vanousencrypt.on algonthms may be selected for 

. , . particular works or types of content protected. Specifically, 
In a preferred embodiment, a different content key would 35 an encryption algorithm used to encrypt the data itself can be 
be associated wuh each work or collection of works. selected to provide a very high level of security or to be very 
Accordingly, if a particular content key is compromised only fast and to implem ent depending on the type or value 
the work or works associated therewith are compromised. of daU being encrypled . For exampkj contenl coraprising 
Digital signatures and/or certificates, such as may be audio only might utilize a less secure encryption algorithm 
provided by a certification authority or other trusted party, 40 i n order to save gates in hardware implementations or to 
providing a level of confidence that a particular device is save time in software implementations for decryption, and 
what it claims to be are preferably used according to the thus facilitate its use on relatively inexpensive devices. With 
present invention. For example, all devices meeting a par- such content, these lower levels of security may be accept- 
ticular standard of operation, such as all hardware devices able because it would likely cost more to crack the encryp- 
utilizing a particular encryption algorithm, may be provided 45 tion algorithm than it would to simply rightfully purchase 
a certificate by a trusted certification authority. This certifi- the content. However, where the value of the data being 
cate may be the particular hardware device's public key, and protected is high enough so that it is worth cracking the 
possibly other information, encrypted using a particular encryption algorithm if it were a weaker encryption 
secret key of the certification authority. The corresponding algorithm, such if the content being exchanged were bank 
certification authority public key may be distributed to 50 records, the preferred embodiment allows the use of a much 
content providers with the understanding that it corresponds stronger encryption algorithm. For example, content corn- 
to certificates issued to devices meeting the aforementioned prising new release movies or video, or other more valuable 
standard of operation. 1 riereafter, whenever a device pre- content, might utilize a more secure encryption algorithm in 
sents its certificate, the content provider may be assured that order to provide increased security, because of its relative 
when the certificate is decrypted using the certificate 55 infrequent playback access and/or the availability of rela- 
authority's public key, and a content key is encrypted with tively sophisticated devices playback devices, 
the resulting device public key, that only a device meeting Preferably, particular applications utilizing the systems 
the desired level of operational standards will be able to and methods of the present invention implement a common 
utilize the content. Q f encryption algorithms. According to a preferred 
According to the preferred embodiment of the present 60 embodiment, such applications as music content protection 
invention, root certification authorities are not required. use a common set of encryption algorithms while other 
Instead a variety of different certification authorities are applications such as video content protection use a common 
encouraged to exist. In a most preferred embodiment, any set of encryption algorithms to thereby promote compatibil- 
entity that wishes to establish themselves as a certification ity between devices adapted to utilize such types of content, 
authority is permitted to do so, with the only requirement for 65 For example, entities distributing music via the Internet 
proper operation according to the present invention being standardize their protection of content according to the 
that other entities participating in the content exchange present invention to utilize a same symmetric encryption 
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algorithm in order that each such music distributor can bulk media distribution, use restricted to a location, time, 

easily provide content that is operable on everyone's play- number of plays, and the like. 

back devices. A still further technical advantage of the present invention 

A robust set of rules establishing what may be done with is that utilization of protected content in both dedicated 

the protected content, Le, establishing authorized and/or 5 devices, such as portable players, and computers is provided 

unauthorized uses of the data, is preferably established for. 

according to the present invention. Accordingly, a robust set f ore going has outlined rather broadly the features and 

of distribution, acquisition, and/or use paradigms may be technical advantages of the present invention in order that 

accommodated according to the present invention. For the detailed description of the invention that follows may be 

example, the rules of the preferred embodiment provide for io better understood . Additional features and advantages of the 

the purchase of content, such as music, and its utilization, invention will be described hereinafter which form the 

i.e., listening, online as it streams to the user's computer. subject of lne daims of lne invention . u should ^ appre . 

Additionally or alternatively, the rules may allow the user dated by those skilled in the art that the conception and 

to only utilize the content that single time, or may provide specific embodiment disclosed may be readily utilized as a 

for its recording for later playback once or a fixed number 15 basis for modifying or designing other structures for carry- 

of plays, or even for a predetermined period of time. Another ing out the same purposes of the present invention. It should 

use or distribution model provided for according to a pre- also be realized by those skilled in the art that such cquiva- 

ferred embodiment of the present invention allows the lent constructions do not depart from the spirit and scope of 

distribution of a large piece of media, such as DVD, which the invention as set forth in the appended claims, 

includes many separate works, such as hundreds of indi- 20 

vidual songs or collections of songs. However, each, or ones, BRIEF DESCRIPTION OF THE DRAWINGS 

of these works are separately protected according to the ~ . 4 , . ,. - , 

* « • l For a more complete understanding of the present 

present invention. Accordingly, a user may access a server . , . * iL c & c K 

r ,, i i a. * • . invention, and the advantages thereof, reference is now 

and individually unlock or otherwise receive access to m , . J f n - , . , . . ... 

_i • i e f. i t .u* .u . * j ?s made to the following descriptions taken in conjunction with 

desired ones of the works. In this way the user is not required 25 ^ accom anvm drawin in which* 

to purchase all the works, but only those in which he/she is C accom P anvm S rawings, in w ic 

interested. This model is advantageous because it saves FIG ' 1 ^totes m edia systems adapted according to a 

download time as the bandwidth of many network connec- preferred embodiment of the present invention; 

tions are not yet high enough to speedily accommodate large FIG. 2A illustrates a high level flow diagram of operation 

transfers of data quickly. 30 of the present invention to provide protected content to a 

The rules of the preferred embodiment provide not only compliant device; 

for the actual utilization of the content, but also for content FIG. 2B illustrates a flow diagram of initial storage of a 

management. For example, rules are directed to the autho- protected work in a compliant storage device; 

rized copying of content, such as for backup purposes or for ^ FIG. 3 illustrates a flow diagram of the transfer of 

use on an alternative device. Such rules provide for serial protected content using a general purpose computer system; 

copy management and, preferably, are adapted to restrict use and 

of particular copies based upon particular copy management FIG. 4 illustrates a flow diagram of the download of 

slatus - protected content to a compliant storage device. 

Additionally, rules of a preferred embodiment of the 4Q 

present invention provide for broadcast models. For DETAILED DESCRIPTION 

example, an encrypted stream of data may be broadcast such In understandin g lhe concepts of the present invention it 

that anybody that chooses to receive it may do so. However, ^ hdpful l0 refer t0 a specific embodimenl wherein the 

only those who have the appropriate content key provided preseQt inveDtion fa utilizedt However, it should be appre- 

by operation of the present invention may actually utilize the 4f . ciated that (he systems and methods of tQe presem invention 

broadcast content. are nol ij m j ted t0 tne partieular embodiments, whether it be 

According to a preferred embodiment of the present lne system components, the type of content, or the encryp- 

invention, the rules of the present invention are extensible. tion algorithms, of the exemplary scenarios. Specifically, 

For example, associated with ones of the rules are flags one 0 f ordinary skill in the art should readily appreciate that 

which indicate a state of the rule and/or a particular exten- 50 the present invention is useful with any kind of content that 

sion to the rule. can b e represented digitally. Accordingly, it is envisioned 

Preferably, rules may be developed and added after a that the systems and methods of the present invention may 

particular basic rule set has been established to provide be utilized to protect various forms of content including 

additional functionality according to the present invention. video (whether video image alone or in combination with 

As the preferred embodiment provided the rules with the 55 audio and/or other information), audio (whether music or 

associated content, and the compliant devices include pro- any other audio information), software programs, still 

ccssors capable of interpreting these rules, new or modified images, compiled information (including databases, original 

paradigms may be created to address current desires without works, historical data, graphical data, and/or the like), 

altering any existing infrastructure of the present invention. The protection of content according to the present inven- 

Accordingly, a technical advantage of the present inven- 60 tion is preferably implemented so as to protect the unautho- 

tion is that unauthorized use of protected material is pre- rized utilization of content. Distribution, acquisition, and 

vented. The content protectable according to the present utilization of such content are all preferably controlled 

invention includes audio information, video information, according to the present invention. Accordingly, there are 

and computer information. essentially three components, such as illustrated in FIG. 1, 

A further technical advantage is provided in that a robust 65 wherein systems and methods of the present invention are 
set of use paradigms are supported, such as pay per view implemented, those being information use (playback) corn- 
techniques, including authorization via phone or Internet, ponents or devices (use devices 111 and 112), information 
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storage (whether embedded or removable media) compo- Content keys according to a preferred embodiment of the 

nents or devices (storage devices 121 and 122), and com- present invention are generated by content owners, the 

munication channels (links 131-135). authors, or some other entity affiliated with the content 

Operation of the preferred embodiment of the present (f ntent providers). Therefore, no content key need be 

invention is not to allow or disallow any particular 5 shared among various participating entities such as the 

transmission, but rather to obscure the content (information ma nufacnirers or distnbutc-rs, thus providing confidence that 

. , \ . .* i u \u . i a particular content provider s content key is only going to 

or data) using cryptograph* methods such that only a according H to the present invention . To mr Iher add 

legitimate rec.pient can make use of that data. According to , Q , he amMaux a m 4 andled content kev wil i com . 

the preferred embedment of the present invention there is ^ the securi of fl amoum j f c)ed 

no requirement hat any commumcanon channel be secure, 10 ^ ft ^ envisioned lha , , distjnet comenl 

whether internal to a system such as link lil internal to . wiu b(J aled fo( . eacf) 

protected work. Of course, 

computer 101, external to systems such as links 132, 133 and wher(J breaches Jn comem fc ^ afe ^ a subs(an , ial 

34, or links .mplemented through systems such as network ^ a sj fc k ma ^ ated for muUj , e wf)rkS) 

135. For information protected by operation of the present such M a sj , e k for all works of a or 

invention, neither the data nor the secret keys are present in « a fof aU rf ^ ular works 

any unsecure communications channel in decrypted form. In A . . / . , » , • . 

^ j , * . • . j . * The present invention preferably uses public key 

order to ensure no data or the associated secret crypto- , . • \ j, . , • \ , . 

... , . . r (asymmetnc) and/or private (symmetric) key cryptography 

graphic keys are presented in any unsecure communications \ \. ' r . . i- r \ L L i 

, , . . r , , f J c . ... . r.u tor the encryption of protected mlormation to thereby render 

channel m decrypted form, the preferred embodiment of the ■ r • i * L i .1 

1 . * i_ j a, ™ the in tormation indecipherable or otherwise unusable to all 

present invention utilizes compliant hardware and/or 20 , t iL . , / . „ . , .... 

c , , . . . . 4 . . • j but authorized users. As is well known in the art, public key 

sortware, such as may be embodied m the above mentioned . . ♦ . , , * . J 

. f . . , . - 4 . . 4 cryptography provides a convenient means by which cryp - 

information use devices and information storage devices, at « f- i r . . j • • .u 

both ends of such a communication channel. lographxckeys may be exchanged without compromising the 

security of the data encrypted for use by a particular user. 

It should be appreciated that protection of content accord- Specifically, as data encrypted with a public key can only be 

ing to the present invention allows for the distribution of decrypted with a corresponding secret key, publication of the 

protected content at any time and in any manner deemed puMic keVj even to untruste d entities, does not compromise 

advantageous. For example, according to one distribution lhe ^ cmiXy However, such asymmetric key cryptography 

model accommodated by the present invention, protected typically requires more complicated encryption and/or 

content, and possibly associated content use information, decryption algorithms than symmetric key cryptographic 

may be recorded on bulk media, such as DVD-ROM and techniques. Accordingly, the use of asymmetric crypto- 

distributed in mass to any and all potential purchasers of the graphic techniques can require more processing power to 

content. Thereafter, a content cryptographic key, and possi- irn pi erne nt and may require longer times to actually accom- 

bly associated content use information, may be transmitted pHsh the encrypt i on and/or decryption, 

to individual users upon payment for the content, to thereby pdvate k cry pt ogr aphy generally provides for simpli- 

facilitate their authorized use of the content. Additionally, fied implementalion , ix . f less resources for processing and 

according to another distribution model accommodated by less time tQ actuall accomplish lhe encryplion and /or 

the present invention, a content cryptographic key, and d tion . However, due to the symmetric nature of the 

possibly associated content use information, may be trans- k distributi a k intro duces the risk that a recipient 

milted to individual users upon payment for broadcast may ut iii ze the key with data or transactions other than that 

content. Thereafter, these users may use the content cryp- in|ended M the R ^ m)l ife a cor di ^cnl 

tographic key in authorized utilization of streaming pro- ^ {Q be usc fa\ 

tected content. ^ e preferred embodiment of the present invention uti- 
According to a preferred embodiment of the present lizes both public and private key cryptography. For example, 
invention all content of the same type is encrypted the same 45 public key cryp tography is utilized to distribute keys allow- 
way. This is preferred to reduce the number of different ing for subsequen t encrypted communications, such as the 
implementations necessary to realize security according to lransfer of an encryp t e d content key through an unsecure 
the present invention as well as to enhance compatibility. communication channel. Accordingly, a public key may be 
For example, if music is produced to be protected according provided from one compliant device, such as a playback 
to the present invention, it would preferably be encrypted 5Q devicCj t0 another device, such as a storage 
with the music encryption algorithm, i.e., whatever algo- devicej through an unsecure communication channel to 
rithm is actually chosen as the correct balance between enable the other compliant device to encrypt a secret content 
security and implementation costs. keV) and possibly other da ta associated with the particular 
According to a volume or super distribution model, where content, and transfer this encrypted key back through the 
large quantities of content are distributed such as by mass 55 channel to the other device. Thereafter, content protected, 
disk stampings or provided on a very busy server on the and presumably also communicated between the devices 
Internet, content would preferably be encrypted once and through the unsecure communication channel, using encryp- 
everybody utilizing the same content would require the same tion with this secret key may be decrypted for use by the 
content key in order to decrypt that content. receiving device. As it is presumed that the content, such as 
Additionally or alternatively, it is also possible to 60 a musical work or a video production, will include substan- 
uniquely encrypt the content per user so that if unauthorized tially more data than ancillary communications, such as the 
copies are made available or a secret key is published the content key, the utilization of both public and private key 
source might be identified. However, use of multiple content cryptography is preferred to provide a desired level of 
keys for a single protected work increases costs in that security and to optimize the utilization of resources, 
multiple keys must be generated and maintained as well as 65 In a most preferred embodiment, public keys are dislrib- 
multiple precessing of the content to encrypt it must be uted utilizing a certificate authority, i.e., a third party to the 
accomplished. transaction which certifies the authenticity of the public key 
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being associated with a compliant device. Such certificates includes a preselected device secret key. This key is pref- 

are preferably a public key cryptography technique utilizing erably not readable by any element external to the informa- 

the certificate authority's public keys, as is well known in tion use device and, therefore, is preferably stored in the 

the art. above described secure area. Also to accommodate secure 

An information use device, such as use devices 111 and 5 exchanges through unsecurc communication channels, the 

112, preferably a standalone secure unit, such as a secure preferred embodiment compliant information use device 

component of a computer system (e.g. computer 101) or a includes a device public key corresponding to the device 

"tamper resistant" software component of a computer sys- secret key. However, as this key is a public key, it is 

tern (either of which may be represented by user device 111) preferably directly readable or other wise available to ele- 

or an independently operable device such as a portable 10 ments external to the information use device and, therefore, 

player (which may be represented by user device 112). is stored outside the above described secure area, such as 

Accordingly, the preferred embodiment user device includes within storage area 117. 

a processor (processor 114) and associated instruction set to A decryption engine, similar to or a part of the decryption 

control operation of the use device and its components engine described above (encryption/decryption engine 116), 

according to the present invention. 35 is also preferably included in the information use device to 

According to a preferred embodiment, a compliant infor- enable decryption of data encrypted using the device public 

ma tion use device will include a secure storage area or areas key. For example, the device public key may be utilized to 

for storage of protected content and associated information, encrypt a content key and transmit that encrypted content 

such as cryptographic keys utilized according to the present key to the information use device. Thereafter, the decryption 

invention. Such storage areas are shown as secure storage 20 engine, utilizing the device secret key, decrypts the content 

areas 113 in user devices 111 and 112. The secure storage key for use with the associated encrypted content, 

area is preferably not readable or directly wrileable by any i n a preferred embodiment, where digital signatures or 

element external to the information use device. certificates are utilized to ensure that particular public keys 

For example, a most preferred embodiment compliant are associated with compliant devices acceptable to content 

information use device includes a secure area for storing a 25 providers, authors, etcetera, the information use device also 

content decryption key. Moreover, if the information use stores certificates from certification authorities. These cer- 

device is adapted to store or otherwise operate with more tificates are preferably directly readable, such as by storage 

than one protected work, the information use device is in storage area 117, and include identification of compliant 

preferably adapted to store more than one content decryption devices meeting particular standard of operation. Certifi- 

key in a secure storage area or areas. In such cases, the 30 cates associated with or identifying the information use 

information use device is preferably adapted to associate device may be stored with the other above mentioned 

each content key with its corresponding content. certificates and/or may be available elsewhere. 

A preferred embodiment compliant information use The use device may also include components in addition 

device also includes secure areas, such as a portion of ^ to those described above, for example, components useful in 

storage area 113, for storing content use information. Such the distribution acquisition, and/or use of protected 

information may include a generation counter, generation information, such as random number generators, may also 

limit, copyright status indication, expiration information, be included in the use device. Additionally, or alternatively, 

watermark verification data, region coding, byte count components, such as additional use components for provid- 

limits, time limits, expiration based on the end of the 4Q ing different modes or personalities of use, may be included 

content, and the like. Moreover, if the information use in the use device. 

device is adapted to store or otherwise operate with more \ { should be appreciated that the components, or portions 

than one protected work, the information use device is thereof, of the above described preferred embodiment use 

preferably adapted to store more than one set of content use device may be embodied in a very large scale integration 

information. In such cases, the information use device is 4S dcvicc or other small component. For example, a preferred 

preferably adapted to associate each set of content use embodiment of the present invention utilizes a touch 

information with its corresponding content. memory utility button, available from Dallas Semiconductor 

An information use device according to the preferred as an I BUTTON, including a processor, cryptographic 

embodiment of the present invention additionally includes a functionality, and memory. This device may be easily 

decryption engine (encryption/decryption engine 116), such 50 coupled to various components, such as portable devices, 

as may be embodied in hardware, software, or a combination computer sound boards, DVD players, or even computers 

of both, that can use a content key, such as that described themselves, such as through a dongle coupled to a serial or 

above stored in the secure storage area, to decrypt encoded parallel interface port, in order to provide control of such 

data into a usable form. In the most preferred embodiment, devices according to the present invention. Moreover, such 

decrypted data will not be made available to any but 55 small devices may be easily made portable, so as to allow 

legitimate channels, such as use component 115 which, for their coupling and, therefore transfer of authorized use of 

example, may be an audio decoder to only analog outputs content there between. 

included in the compliant information use device. ^ mformation storage dcvice , such as storagc dcviccs 

In a preferred embodiment of the present invention, an 121 and 122, is preferably a standalone secure unit, such as 

encryption engine providing encryption functions inverse to 60 a secure component of a computer system (e.g. computer 

those of the above described decryption engine is also 102) or a "tamper resistant" software component operable 

provided in the information use device. For example, the with storage media (either of which may be represented by 

preferred embodiment of FIG. 1 includes encryption func- storage devices 121 and 122). Accordingly, the preferred 

tionality in encryption/decryption engine 116. embodiment storage device includes a processor (processor 

In order to accommodate secure exchanges through unse- 65 124) and associated instruction set to control operation of 

cure communication channels as described above, the pre- the storage device and its components according to the 

ferred embodiment compliant information use device present invention. 
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According to a preferred embodiment, a compliant infor- particular standards of operation). This key may be utilized 

mation storage device will include a secure area or areas for with the above described decryption engine, or one similar 

storing information according to the present invention. Such thereto, to decrypt a certificate provided as authentication/ 

storage areas are shown as secure storage areas 123. The identification of another device. Decryption of the certificate 

secure area is preferably not readable or directly writeablc 5 lo provide a usable device public key may be relied upon to 

by any elements external to the information storage device. provide confidence that the otherwise unknown device is a 

For example, a preferred embodiment information storage c ° m P liant , *Y« (»' If**./? lhe level indicated °V lhe 

device includes a storage area for storing a preselected '^^certificate authority). 

device secret key. Preferably, this secret key is not directly ^ w «" the preferred embodiment use device, it should be 

readable by any element external to the information storage » Wiwiated that the components or portions thereof, of the 

device. Also to accommodate secure exchanges through ^ove described preferred embodiment storage device may 

unsecure communication channels and/or storage of data on be embodied in a very large scale integration device or other 

unsecure media, the preferred embodiment compliant infor- S ? M «> m P onent -. For a p u referred embodimen ' of 

mation storage device includes a device public key corre- lhe P re *"< ^"T^^fl u, ' bly . button ' 

sponding to the device secret key. However, as this key is a M * uch as , the aforementioned IBUTTON. Such a dev lC e may 

public key, it is preferably directly readable or otherwise * C2S ^ 2° u P' ed , '° vanous components, such as disk 

available to elements external to the information use device dnves : DVDR °M drives^ or even computers, m order to 

and, therefore, is stored outside the above described secure ? rov,de co " tro1 of ^ch devices according to the present 

area, such as within storage area 127. invention. Moreover such small devices may be easily made 

„ . . , . , , n portable, so as to allow their coupling to different ones of 

The most preferred embodiment compliant information such devices and, therefore, transfer of authorized control of 

storage device also includes secure areas for storing one or such conten , there between . 

more secure data sets. Such data sets may include an A ferred ernbodiment of the steps performed in pro- 

identification of the data set such as a simple enumeration, (ec J con(ent accordi , 0 , ne £ ^ vention ^ ^ 

content decryption keys content use information ..and public jn the flow chafl of n * 2A ^ ferred embodimem 

keys and their corresponding signatures. These data seB are sh()wn in F , G M af6 fflustraled divided fat0 lhree 

preferably assoaated with part.cular protected works, pro- groups indicated by boxes 200, 201, and 202. These boxes 

viding association lo the content of content keys and infor- j i- . a. * r ju 

. 6 ,. . /. delineate the steps performed by various system components 

mation regarding any restrictions on use of the content , t1 _ e j \_ / c c 11 u 

, t t ■ f i- \ according to the preferred embodiment. Specifically, box 

^content use intormation). ^ 200 delineates the steps performed by a co^m provider in 

An information storage device according to the preferred initially protecting a work, such as upon a host distribution 

embodiment of the present invention additionally includes a computer as may be represented by computer 102 of FIG. 1. 

decryption engine (encryption/decryption engine 126), such Box 201 delineates the steps performed by the content 

as may be embodied in hardware, software, or a combination provider in storing the protected work for utilization accord- 

of both, that can decrypt a content key encrypted with the 3S ing t0 the present invention. It should be appreciated that the 

device's public key. An encryption engine (encryption/ steps of box 201 are also the steps a compliant information 

decryption engine 126), such as may be embodied in storage device, such as storage device 121 or 122 of FIG. 1, 

hardware, software, or a combination of both and as may be perform in providing information, such as the content key 

a part of the decryption engine described above, is also and/or content use information, to another compliant device, 

preferably included in the information storage device to 4Q sucn ^ storage device 121 or 122 or use device 111 or 112 

enable encryption of a content key encrypted with the 0 f nG. 1, as the use rules of the present invention permit, 

devices' public key. Accordingly, content keys may be B ox 202 delineates the steps performed by a compliant 

encrypted using the above mentioned device secret key, such information storage device, such as storage device 121 or 

as for transmission to compliant devices or for storage on 122 of FIG. 1, perform when provided information by the 

unsecure media, and may be decrypted for use by the storage 45 content provider. It should be appreciated that the steps of 

device (whether to decrypt the corresponding content, to box 202 arc also the steps a compliant device, such as 

re-encrypt using a compliant device's public key for trans- storage device 121 or 122 or use device 111 or 112 of FIG. 

mission through unsecure channels, or the like). 1( per form in receiving information from another compliant 

In a preferred embodiment, where digital signatures or device according to the present invention, 

certificates are utilized to ensure that particular public keys 50 As described above, the steps of box 200 are preferably 

are associated with compliant devices acceptable to content performed by content provider or other owner or controller 

providers, the information storage device also stores certifi- 0 f the content to initially protect the content and to establish 

cates from certification authorities. 'ITiese certificates are the proper restrictions upon its use. Accordingly, in a dis- 

preferably directly readable, such as by storage in storage tribution model, these steps are preferably performed once 

area 127, and provide identification of compliant devices 55 per work. However, in alternative embodiments these steps 

meeting particular standard of operation. Certificates asso- may be performed as often as desired, such as each time a 

ciatcd with or identifying the information use device may be particular work is distributed. 

stored with the other above mentioned certificates and/or Initial protection of the content according to the preferred 

may be available elsewhere. embodiment of FIG. 2A begins at step 210 wherein the 

The preferred embodiment compliant information storage 60 content data is provided to a system operable according to 

device is adapted to verify certificates, such as those pro- the present invention, such as upon a bulk storage device of 

vided by a certification authority described above. For computer 102. At step 211, a content key and content use 

example, the information storage device may have stored information is selected for use with this particular content, 

therein, such as in the secure area, a known accurate copy of Selection of a content key may involve selecting a particular 

the certificate authority's public key (or multiple ones of the 65 key from a group of keys unique to the content provider, 

public keys, such as may be associated with certificates of This may be a key selected for use only with the particular 

devices, types of devices, or groups of devices, meeting work or which has been associated with a type or group of 
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works. Of course, the content key may be generated rather stored in an unsecured area, such as storage area 127 of 

than selected, such as where no preestablished cryptographic storage device 122. Accordingly, inexpensive bulk media 

keys are available to the host system. provided in a common freely accessible portion of the 

Tlie content use information preferably include rules system may be used to store large quantities of content and 

establishing authorized uses of the content. Rules contained s associated mformation. It should also be appreciated that 

in the content use information may preferably include serial tran f » of protected content to non-comp hant devices will 

. , « „ , . ; wv » work, out movement of keys, or at least useful keys, to 

copy management rules (i.e., "allow playback XXX times; non -i>mpliant devices will fail 

"allow playback until XXX date;" "only allow playback in „ y . t 4 , * , , , . . 

vvv >> i< j i , . d i L i » *fj i . However, as the content key provides access to protected 

region XXX; delete con item after playback; delete .con- Q {{ [s ^ &{o /J ^ a ^ ^ as 

tent after XXX playbacks; "delete content after XXX date; 10 gecm afea ^ deviaf m 0f course> tne coment 

and the like), and serial copy tracking (i.e., "the generation key may ^ encrypted> or other wise rendered unuS able, such 

count shaU be increased by one each time the content key is as 5y encrypting it with the public key of the storage device , 

moved;" "the generation count limit is 2;" "after transferring or pre ferably a hidden key unique to that device so that other 

the content key, delete the key;" "the content should have a devices sharing a same pub lic/secret key set are not enabled 

watermark with ID XXX;" "analog output copy protection « tQ milize the contem key> in order tQ aJlow [{s stQrage {q an 

XXX should be turned on;" and the like). The rules may unprotected media, if desired. 

additionally or alternatively include rules setting forth par- A ferfed embodiment of the st ulilized for st 

ticular modes of compliant device operation acceptable for of the k wilhin me Kcan ^ of a hant 

use with the content particular compliant devices the con- fi device J ided b anolher complianl / evice 

tent may be used with, particular configurations of comph- 20 Qf de ^ shQwn ^ RG 2fi ^ ^ 

ant devices the content may be used with, and the like. sccure area within the st0fage device tQ assQciatc with lhe 

At step 212 a list of acceptable users is compiled. This list particular protected content is identified. At step 252 the 

includes devices the content provider trusts to maintain the storage device's public key and certificates for that public 

integrity of its content key and, therefore, the associated k e y are obtained and sent to the originator device. At step 

content. This list may be as to particular individual devices, 253 a random number encrypted with the storage device's 

particular types or groups of devices (i.e., all compliant secret key is obtained also by the originator device, 

hardware devices or all compliant software devices employ- At step 254 lhe comem key ^ exclusive ORed (XORed) 

ing component XXX), or even devices or groupings of with the random number at the originator device. It should 

devices certified by a particular trusted certification author- be apprec i a ted that the use of a random number or other 

ity (i.e., all manufacturer XXX's certified by certification unique in f orDiat ion in this way will prevent a replay of the 

authority YYY). conversation to another compliant device sharing the same 

The list of step 212 may not specifically identify devices, public secret key set from establishing a useful copy of the 

groups of devices, manufacturers, or certification authori- content therein. Moreover, the use of the random number 

ties. For example, the list may simply include a list of 35 from the storage device may be relied upon to add an extra 

certificate authority public keys associated with the certifi- layer of security to the transfer of the content key, even for 

cates of authorized devices. According to a preferred a non-compliant device having access to the same public/ 

embodiment of the present invention certification authorities secret key set. For example, the random number may be 

will provide different certificates for different types of encrypted by the storage device, such as by using a public 

devices, such as embedded storage, removable storage, 4Q key of the authoring device, thus preventing even a similar 

streaming playback devices (no storage), and write-only storage device with access to a secret key corresponding to 

storage/playback devices, to facilitate selection of devices the same public key used in encrypting the content key from 

authorized to use particular protected works. Additionally or usefully decrypting the content key. 

alternatively the list may include a list of device public keys At step 255 the XORed content key, the content use 

associated with the devices or groups of devices. 45 information, and acceptable user information are encrypted 

At step 213 the content is encrypted using the content key with the storage device's public key by the originator device, 

selected at step 211. Also according to the preferred embodi- Thereafter, at step 256, the encrypted information is trans- 

ment the content use information is encrypted in order to mitted from the originator device to the storage device, 

protect it from unauthorized alterations, such as changing Preferably, the storage device uses its secret key to decrypt 

any of the limitations of the above described rules. Addi- 50 the information, XOR the content key with the random 

tionally or alternatively, content use information may be number, and store the appropriate decrypted information in 

provided in clear text so as to apprize all who are interested the secure area. 

of the allowed use of the content. However, in order to As described above, the protected content is preferably 

prevent the unauthorized alteration of this use information, stored on a compliant information storage device, such as 

a technique is utilized to determine or prevent its unautho- 55 storage device 122, such as may be utilized for distribution, 

rized alteration. For example, the clear text information may i.e., a download server. The remainder of the steps of FIG. 

also provided in encrypted form. Additionally or 2A will be described with reference to another compliant 

alternatively, in a preferred embodiment a secure hash of the device (destination device) obtaining the content, content 

use information may be provided, such as by encrypting a use information, and content key for actual use of the 

hash of the content use information using the content key, 60 content. 

It should be appreciated that the encrypted content, After the content has been protected according to the 

encrypted content use information, and content key are each present invention it may be provided to various compliant 

associated with one another to facilitate their use together devices, such as the aforementioned storage devices and/or 

according to the present invention. Accordingly they may be use devices. However, as only the compliant devices autho- 

slored together or otherwise commonly indexed. It should be 65 rized by the content provider etcetera are to receive the 

appreciated that, as the content and the content use infor- content key, the present invention operates to identify the 

mation are encrypted using the content key, they may be device to which the content is to be provided. 



02/18/2004, EAST Version: 1.4.1 



US 6,550,011 Bl 

17 18 

Accordingly, at step 214 the host device (whether a server, tected according to his desires, such as may be indicated in 

storage, or use device) requests the destination (whether the content use information. 

storage or use) device's public key and/or any certificates, in Once the content key has been decrypted, it is now 

order to confirm the identity of the device as a compliant possible for the destination device to make use of the 

device authorized by the content provider. Thereafter, at step 5 content. However, use of the content is preferably proscribed 

215 the destination device, and possibly a host associated by rules established by the content provider, such as is 

with the destination device, supplies the public key and preferably indicated in the content use information, 

certificates. Accordingly, at step 220 a determination is made as to 

Transmission of the certificates is particularly useful in whether a particular use of the content is authorized. This 

situations where the destination device is a less known 10 determination may be made by using the content key to 

device, such as provided by a relatively small company or is decrypt the content use information and compare the uses 

a relatively new device, and does not appear on the source proscribed therein with the proposed use of the content. If 

device's list of acceptable devices. If the certificate is the use of the content is not authorized, processing proceeds 

provided by a certificate authority that the content provider to step 221 wherein a failure condition halts transfer of 

trusts, the certificate should be acceptable proof of the 15 protected information, such as the content key. However, if 

device's compliance. the use of the content is authorized, processing proceeds to 

In a preferred embodiment, the certificate is decrypted by ste P 222. 

the public key of the certification authority available to the At step 222 the decrypted content key is stored in a secure 

storage device and the result is compared to the public key area of the destination device. Likewise, the decrypted 

provided by the destination device. If there is a match, it can 20 content use information is also preferably stored in a secure 

be confidently assumed that the destination device is what it area of the destination device. Additionally or alternatively, 

purports to be. the encrypted content key and/or encrypted content use 

At step 216, the public key and/or the certificate may be information may be stored in an unprotected storage area in 

compared to the content use information, such as may be 25 or coupled to the destination device, if desired, 

decrypted using the content key available to the storage For example, where the secure area of the destination 

device, to determine if the device is authorized to receive/ device is limited, such as the small amount of storage space 

utilize the content. If neither of the key and/or certificate provided in the secure confines of a touch memory utility 

appear in the acceptable device list of the content use button such as the aforementioned I BUTTON, a limited 

information, then processing proceeds to step 217 wherein a 3Q number of content keys may be accommodated. However, 

failure condition halts transfer of protected information, this secure device can be programmed to include its own 

such as the content key. It should be appreciated that until cryptographic key or key set, for which even the owner of 

this point in the processing, no secret information has been the device cannot gain access to. Accordingly, the secure 

exchanged and, thus, until the destination device is properly device may be instructed to hold the content key in 

identified no secret information will be exchanged. 35 decrypted form when it is needed for use of the content, but 

If either or both the key and certificate appear in the to encrypt the content key with the secure device's crypto- 

acceptable device list of the content use information, then graphic key when not presently needed. Accordingly, the 

processing continues to step 218. At step 218, the host content key may be stored on any media accessible to the 

device (whether a server, storage, or use device) encrypts the secure device, thus making available some of the limited 

content key with the destination device's public key. 40 storage space therein for another content key, such as may 

Accordingly, the content key is rendered useless to all except be needed for a current use of content. Such an embodiment 

the holder of a secret key corresponding to the destination provides for virtually limitless storage of secure 

device's public key. This secure version of the content key information, as unsecure storage media may be used, 

is provided to the destination device. Additionally, the Preferably, the content key as encrypted by the secure 

content key may be further protected, if desired. For 45 device is unique to that particular device, such as by using 

example, information unique to the destination device, such the above described random number, in order to prevent its 

as a random number generated by the destination device, any being introduced to an identical brand device and thus 

be compounded with the content key, such as by as a enabling a second device to utilize the protected work, 

mathematical operation, e.g. exclusive OR (XOR) function. Accordingly, only one secure device may utilize the content 

Accordingly, even where multiple destination devices share 50 key as encrypted, although it can be copied in encrypted 

the same public/secret key set, recording of the conversation form for backup purposes, etcetera, 

will not result in the useful download of the content to a Having determined that the use of the content is autho- 

second device. rized and having received a content key which is or may be 

At step 219, the destination device receives the encrypted rendered useful, such as by decryption, use may be made of 

content key. The content and/or the content use information 55 the content according to the rules established by the content 

may be transmitted with the content key from the host provider (step 222), as discussed in more detail below. For 

device, such as through the same links used for coramuni- example, a dedicated player device can simply read the 

cation of the content key. Alternatively, the content and/or content decryption key and the content use information to 

content use information may be provided to the destination play the data. However, use on other devices, such as a 

through other means, such as being provided on a separate 60 general purpose computer may utilize additional steps, 

piece of bulk media, i.e., a DVD-ROM. Thereafter, processing concludes at step 223. 

As the content key is encrypted using the destination A preferred embodiment of the steps performed in play- 
device's public key, the destination device is able to decrypt back of content on a general purpose computer are shown in 
the content key using its secret key. As the destination device FIG. 3. These steps arc preferably controlled by software 
is compliant with operation according to the present 65 running on the computer system. 

invention, the content provider can be confident that the At step 301, playback on a computer begins with identi- 

decrypted, and therefore useful, content key will be pro- fication of the secure area associated with the particular 
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content to be played back. Identification of the specific 
secure area may not actually be accomplished by the 
computer, but instead the computer may identify the device 
containing the secure area or a link through which commu- 
nication to the device containing the secure area may be 5 
established. In identifying the secure area associated with 
the particular content to be played back, the computer may 
reference a file system or a database, for example, which 
directs the computer, such as according to the type of content 
to be played back, the type of device to play back the 10 
content, the owner or author of the content, or the like. 

At step 302, the computer obtains a list or other form of 
information regarding acceptable use devices and certificate 
authorities. This information may be obtained from the 
identified secure area or, as discussed above, may be pub- 35 
lished to the world with some form of authentication in 
place, such as a secure hash, to determine if it has been 
altered. 

At step 303 the computer obtains the use device's public 
key and a list or other form of information regarding the 20 
certificates for that public key. At step 304 the information 
obtained at steps 302 and 303 are compared. If there is 
determined not to be a match at step 305, i.e., the use device 
is not acceptable to the content provider, processing pro- 
ceeds to step 306 wherein a failure condition halts playback 25 
of protected information. However, if there is determined to 
be a match, i.e., identification of an authorized use device, 
processing proceeds to step 307. 

At step 307 the computer provides to the storage device 3Q 
the public key for the acceptable use device and/or a 
certificate from an acceptable certificate authority. The stor- 
age device will preferably verify the public key and/or 
certificate and encrypt future communication with that pub- 
lic key or the public key associated with the certificate. 35 

In operation according to the preferred embodiment, the 
computer will obtain a random number from the use device 
at step 308. At step 309 this random number is provided to 
the storage device. Preferably, the storage device will read 
the content key and/or content use information from a secure 40 
area in preparation for transmitting this information to the 
use device. In the most preferred embodiment, the random 
number provided by the use device is exclusive or-ed 
(XORed) with the content key, thus preventing other similar 
use devices from using the content key. 'JTiereafter the 45 
XORed content key and the content use information are 
encrypted with the above identified public key for secure 
transmission through unsecure communication channels 
(including the host computer). 

It should be appreciated that the use of the random 50 
number from the use device may be relied upon to add an 
extra layer of security to the transfer of the content key, if 
desired. For example, the random number may be encrypted 
by the use device, such as by using a public key of the 
storage device, thus preventing even a similar use device 55 
with access to a secret key corresponding to the same public 
key used in encrypting the content key cannot usefully 
decrypt the content key. 

At step 310, the computer receives the encrypted content 
key and content use information from the storage device. 60 
Thereafter, at step 311, the encrypted content key and 
content use information are provided to the use device. 
Preferably the use device decrypts the information with its 
internal secret key. The content key may then be XORed 
with the random number known to the use device. 65 
Thereafter, authorized use may be made of the. content as set 
forth in the content use information. 
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It should be appreciated that the above steps may be 
utilized in providing pay per view or similar uses. There is 
no requirement that the content key reside on the same 
medium as the content. Accordingly, for pay per view use, 
the above conversation only need be modified to be between 
the authorizing company and the playback device. 

A preferred embodiment of the steps download to a 
storage device or a portable device (PD), such as the RIO 
available from Diamond Multimedia, for saving and later 
playback are shown in FIG. 4. Initially at step 401, a secure 
area is identified within the storage device or PD to associate 
with the content to be downloaded. The storage device's or 
PD's public key and/or certificates for the public key are 
obtained (step 402). A random number is also preferably 
obtained from the storage device or PD (step 403). This 
random number is preferably encrypted with the storage 
device's or PD's secret key. 

At step 404, the storage device's or PD's public key 
and/or certificates for the public key and encrypted number 
are provided to a download server (which may itself be a 
storage device). The download server reads the content key, 
content use information, and public key and certificate 
authority list associated with the particular content to be 
downloaded (step 405). If there is no match between the 
storage device's or PD's public key or certificate and that 
read by the download server, then processing proceeds to 
step 407 wherein a failure condition halts download of 
protected information. However, if there is determined to be 
a match, i.e., identification of an authorized storage or PD 
device, processing proceeds to step 408. 

At step 408, the content key is XORed with the random 
number, which as described above provides an added level 
of security. At step 409 the XORed content key and the 
content use information are encrypted with the storage 
device's or PD's public key. At step 410 the encrypted 
information is transmitted to the storage device or PD. 

The storage device or PD decrypts the XORed content 
key and the content use information using the storage 
device's or PD's secret key. The decrypted XORed content 
key is XORed with the random number (step 412) and the 
appropriate decrypted information is stored in the identified 
secure area of the storage device or PD (step 413). 

It should be appreciated that, in ones of the above 
described examples of operation according to the present 
invention, transfer of the actual content data is not specifi- 
cally described. In operation of the present invention, it is 
presumed that the data of the actual content will always pass 
through some insecure channel and, thus, will be available 
no matter what attempts are made to block "inappropriate" 
transfers. Accordingly, the content data, which is encrypted 
using the content key, may be transferred by any means 
deemed advantageous. For example, transfer may be coin- 
cident with the transfer of the content key and content use 
information. Alternatively, transfer of the content data may 
occur prior to or after the transfer of this related data. In a 
preferred embodiment, the content data is transferred on 
bulk media, such as DVD-ROM prior to the transfer of the 
content key, in order to minimize the amount of data that is 
communicated electronically, such as over the Internet, via 
relatively slow data links. 

It should be appreciated from the above discussion, that 
the present invention provides embodiments where the con- 
tent may be backed up or otherwise copied without fear of 
the content being utilized in contravention of the rules 
established by the content provider. For example, the above 
described embodiments wherein encrypted content, content 
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key, and content use information is stored in unsecure areas, 
this information may easily be archived in case of failure of 
the storage device or use device of the present invention. 

However, in particular embodiments described above, 
such as where the content key is encrypted using a crypto- 5 
graphic key unique to the security device, the security device 
provides a single point of failure in the system. Accordingly, 
a preferred embodiment of the present invention provides 
the ability to clone the security device, such as the afore- 
mentioned IBUTTION. io 

It should be realized that particular works protected 
according to the present invention may be authorized for use 
throughout the life time of the owner of the use device. 
Accordingly it may not be practical to establish a limit on the 
number of times the security device may be cloned. 35 
Accordingly, a preferred embodiment of the present inven- 
tion ties the security device to the owner's identity. For 
example, owner information such as social security number, 
credit card number, driver license number, or the like may be 
encoded within the security device. In this embodiment, the 20 
owner may incur some form of natural penalty, i.e., owner 
secret information may be compromised and/or the owner 
may be easily identified, from the distribution of clone 
security devices, thus giving him an incentive to police this 
function. Additionally or alternatively, the rules established 25 
in the security device allowing for its cloning may be such 
that whenever a cloning operation is performed, the contents 
of the older generation security device are completely erased 
or otherwise rendered useless. 

According to a preferred embodiment of the present 30 
invention, each piece of media may contain a list of use 
devices the content provider or authors deem acceptable. An 
acceptable use device as recognized by the content provider 
is likely to be one that does not deliver either the content key 
or decrypted data to the user. Accordingly, a compliant 35 
storage and/or use device may easily determine if the 
content and content key may be acquired by a particular 
device. However, it is envisioned that devices acceptable to 
the content provider or author will continue to be developed 
after content has been protected according to the present 40 
invention and, therefore, after a list of use devices has been 
placed on a particular media (or otherwise associated with 
protected content). 

Protection of content according to preferred embodiments 45 
of the present invention allows for certificates to be gener- 
ated at any time, thus allowing authorization storage and/or 
use devices after a particular work has been protected. For 
example if the content provider lists himself as a certifica- 
tion authority, individual use devices can be enabled at any 5Q 
time by making a certificate available. 

The public key system of the present invention limits 
knowledge of the secret keys to very few people. For 
example, a secure device maker could embed the secret key 
in the secure device at time of manufacture, thus preventing 5S 
all others from knowing the secret. The corresponding 
public key could be broadcast to whoever desired to listen. 
Such a technique is very secure as discovery of the secret 
key becomes more likely when shared by many people. 

It shall be appreciated that according to the preferred 60 
embodiment of the present invention, as shown above, no 
unique host or drive identifier is available or required. This 
is allow for changing hardware due to upgrades or failure. 

Although the present invention and its advantages have 
been described in detail, it should be understood that various 65 
changes, substitutions and alterations can be made herein 
without departing from the spirit and scope of the invention 



as defined by the appended claims. Moreover, the scope of 
the present application is not intended to be limited to the 
particular embodiments of the process, machine, 
manufacture, composition of matter, means, methods and 
steps described in the specification. As one of ordinary skill 
in the art will readily appreciate from the disclosure of the 
present invention, processes, machines, manufacture, com- 
positions of matter, means, methods, or steps, presently 
existing or later to be developed that perform substantially 
the same function or achieve substantially the same result as 
the corresponding embodiments described herein may be 
utilized according to the present invention. Accordingly, the 
appended claims are intended to include within their scope 
such processes, machines, manufacture, compositions of 
matter, means, methods, or steps. 
What is claimed is: 

1. A method for preventing unauthorized utilization of 
content, said method comprising the steps of: 

establishing a plurality of compliant devices ones of 
which are storage devices and other ones of which are 
use devices, wherein ones of said plurality of compliant 
devices meet different levels of compliant operation 
and all of said plurality of compliant devices meet a 
minimum operational level of protecting a crypto- 
graphic key associated with protected content, and 
wherein each compliant device of said plurality of 
compliant devices includes at least one element of the 
set consisting of a public cryptographic key and an 
electronic certificate; 

selecting a first cryptographic key to be associated with 
said content; 

encrypting said content using said first cryptographic key; 

selecting content use information from a set of pre- 
established content use information to proscribe use of 
said content; 

protecting said selected content use information from 
unauthorized alteration; 

identifying ones of said plurality of compliant devices for 
which utilization of said content is to be authorized to 
thereby establish an authorized compliant device set, 
wherein said authorized compliant device set includes 
only compliant devices of said plurality of compliant 
devices meeting a desired threshold standard of opera- 
tion; 

establishing acceptable compliant device information, 
wherein said acceptable compliant device information 
includes at least one element of the set consisting of 
said public cryptographic key and said electronic cer- 
tificate for each compliant device of said authorized 
compliant device set; 

associating said first cryptographic key, said protected 
content use information and said acceptable compliant 
device information with said encrypted content; and 

storing said first cryptographic key in a secure storage 
area of a storage device of said authorized compliant 
device set 

2. The method of claim 1, wherein the step of protecting 
said selected content use information comprises the step of: 

encrypting said selected content use information using 
said first cryptographic key. 

3. The method of claim 1, wherein the step of protecting 
said selected content use information comprises the step of: 

creating a protected hash of said selected content use 
information. 

4. The method of claim 1, wherein said minimum opera- 
tional level of protecting a cryptographic key associated 



02/18/2004, EAST Version: 1.4.1 



US 6,550,1 

23 

with protected content requires said compliant device to 
never communicate a cryptographic key associated with 
protected content in unencrypted form external to said 
compliant device. 

5. The method of claim 1, wherein said step of establish- 5 
ing compliant device information comprises the step of: 

listing public cryptographic keys of devices meeting a 
particular standard of operation. 

6. The method of claim 1, wherein said step of establish- 
ing compliant device information comprises the step of: 10 

listing the electronic certificates of certificate authorities 
trusted to determine devices meet said particular stan- 
dard of operation. 

7. The method of claim 1, wherein said step of establish- 
ing compliant device information comprises the steps of: 15 

listing public cryptographic keys of devices meeting a 

particular standard of operation; and 
listing the electronic certificates of certificate authorities 

trusted to determine devices meet said particular stan- 2 o 

dard of operation. 

8. The method of claim 1, wherein said step of identifying 
ones of said plurality of compliant devices to establish an 
authorized compliant device set comprises the step of: 

identifying compliant devices including a particular 25 
implementation, wherein said particular implementa- 
tion is selected from the group consisting of a hardware 
implementation, a software implementation, a high 
security implementation, a low security 
implementation, an audio device implementation, a 30 
video device implementation, and a banking device 
implementation. 

9. The method of claim 1, wherein said step of identifying 
ones of said plurality of compliant devices to establish an 
authorized compliant device set comprises the step of: 35 

identifying an electronic certificate associated with a 
particular trusted certification authority. 

10. The method of claim 1, further comprising the step of: 
cloning at least a secure portion of a compliant device of 

said plurality of compliant devices, wherein a cloned at 40 
least a secure portion of said compliant device provides 
operational abilities with respect to protected content 
coextensive with that of said at least a secure portion of 
said compliant device cloned. 

11. The method of claim 10, wherein said cloning step 45 
renders said at least a secure portion of said compliant 
device cloned inoperable for further use with said protected 
content. 

12. The method of claim 10, wherein said cloning step 
produces a backup copy of said at least a secure portion of 50 
said complaint device cloned. 

13. A system for protecting content, said system compris- 
ing: 

a set of content use rules wherein portions of said content 5S 
use rules are selectable to be associated with protected 
content in order to define authorized uses thereof; 

a protected form of said content, wherein said protected 
form of said content includes an encryption of said 
content, a content key associated with said encryption 60 
of said content, an identification of devices authorized 
for use with said content, and a subset of said content 
use information defining authorized use of said content; 

a plurality of devices providing compliant operation 
according to said system, wherein said compliant 65 
operation according to said system at least proscribes 
the use and communication of said content key asso- 
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ciated with said protected content, and wherein said 
plurality of compliant devices comprise: 
a use device having a secure storage area associated 
therewith, wherein said use device includes a public/ 
secret cryptographic key set, wherein a secret key of 
said public/secret cryptographic key set is stored in 
said secure storage area; and 
a storage device storing said identification of devices 
authorized for use with said content, wherein said 
storage device operates under control of an instruc- 
tion set and has a secure storage area associated 
therewith, wherein said content key is stored in said 
secure storage area and is passable to said use device 
under control of said instruction set only if said use 
device is identifiable with said identification of 
devices authorized for use with said content. 

14. The system of claim 13, wherein said encryption of 
said content is stored separate from said storage device. 

15. The system of claim 13, wherein said use device 
further comprises: 

a decryption engine for asymmetric decryption of mes- 
sages protected using said public/secret cryptographic 
key set; and 

a decryption engine for symmetric decryption of said 
content using said content key. 

16. The system of claim 13, wherein said storage device 
further comprises: 

encryption engine for asymmetric encryption of said 
content key using said public/secret cryptographic key 
set. 

17. The system of claim 13, wherein said secure storage 
area associated with said use device is disposed in a security 
device including a memory, a processor, and an instruction 
set incarcerated in a tamper resistant housing removably 
coupled to a remainder of said use device. 

18. The system of claim 13, wherein said secure storage 
area associated with said storage device is disposed in a 
security device including a memory, a processor, and an 
instruction set incarcerated in a tamper resistant housing 
removably coupled to a remainder of said storage device. 

19. A method for protecting electronic content, said 
method comprising the steps of: 

providing a compliant first device having a secure storage 

area associated therewith; 
providing a compliant second device having a secure 

storage area associated therewith; 
providing a content crypLographic key; 
encrypting said content using said content cryptographic 
key; 

storing said content cryptographic key in said secure 

storage area of said compliant first device; 
identifying particular rules of a plurality of rules to 

estabbsh authorized uses of said content; 
preventing unauthorized alteration of said identified rules; 
identifying devices of a plurality of devices authorized for 
use with said content to thereby provide identified 
device information; 
preventing unauthorized alteration of said identified 

device information; 
providing a device public/secret cryptographic key set; 
storing a device secret key of said device public/secret 
cryptographic key set in said secure storage area of said 
compliant second device; 
establishing communication between said compliant first 
device and said compliant second device to thereby 
provide a communication link; 
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comparing, at said compliant first device, information 
with respect to said compliant second device to said 
identified device information; 

determining if said compliant second device is authorized 
for use with said content at least in part from informa- 
tion derived from said comparing step; and 

if said compliant second device is determined to be 
authorized for use with said content at said determining 
step, performing the steps of: 

encrypting, at said compliant first device, said content 
cryptographic key using a public key of said device 
public/secret cryptographic key set; 

communicating said encrypted content cryptographic 
key from said compliant first device to said compli- 
ant second device; 

decrypting, at said compliant second device, said 
encrypted content cryptographic key using said 
secret key stored in said compliant second device's 
secure storage area; and 

storing said content cryptographic key in said compli- 
ant second device's secure storage area, wherein said 
stored content cryptographic key is identified with 
said content by said compliant second device. 

20. The method of claim 19, wherein said step of com- 
paring utilizes said public key provided to said compliant 
first device from said compliant second device via said 
communication link. 

21. The method of claim 19, wherein said step of com- 
paring utilizes an electronic certificate provided to said 
compliant first device from said compliant second device via 
said communication link. 

22. The method of claim 19, wherein said step of iden- 
tifying said devices of said plurality of devices authorized 
for use with said content includes a step selected from the 
group consisting of: 

identifying an implementation of devices considered to 
provide an acceptable level of operational compliance; 

identifying a certificate authority considered to provide an 
acceptable level of determination of operational com- 
pliance of devices; 

identifying an electronic certificate associated with a 
group of devices considered to provide an acceptable 
level of operational compliance; and 

identifying a public key associated with a group of 
devices considered to provide an acceptable level of 
operational compliance. 

23. The method of claim 19, wherein at least one of said 
steps of preventing unauthorized alteration of said identified 
rules and preventing unauthorized alteration of said identi- 
fied device information comprises the step of: 

providing said one of said identified rules and said iden- 
tified device information in clear text and associating a 
protection code therewith, wherein said protection code 
is relied upon to detect alteration of said clear text 
information. 

24. A method for protecting electronic content compris- 
ing: 

providing a compliant device having a secure storage area 
with at least a device secret key of a device public/ 
secret cryptographic key set stored therein; 

encrypting said content using a content cryptographic 
key; 

identifying devices of a plurality of devices authorized for 

use with said content to thereby provide identified 

device information; 
determining if said compliant device is authorized for use 

with said content at least in part through reference to 

said identified device information; and 



if said compliant device is determined to be authorized for 
use with said content at said determining step, perform- 
ing the steps of:. 

decrypting said encrypted content cryptographic key 
s using said secret key stored in said compliant 

device's secure storage area; and 
storing said content cryptographic key in said compli- 
ant device's secure storage area, wherein said stored 
content cryptographic key is identified with said 
10 content by said compliant device. 

25. The method of claim 24, further comprising: 
establishing rules for authorized uses of said content, 

wherein use of said content cryptographic key stored in 
said compliant device's secure storage area to decrypt 
15 said encrypted content is in accordance with said rules 
for authorized uses of said content. 

26. The method of claim 24, further comprising: 
comparing, at a second compliant device, information 

with respect to said compliant device to said identified 
20 device information. 

27. The method of claim 26, wherein said step of com- 
paring utilizes a public key corresponding to said secret key 
stored in said compliant device's secure storage area pro- 
vided to said second compliant device from said compliant 

25 device via a communication link therebetween. 

28. The method of claim 26, wherein said step of com- 
paring utilizes an electronic certificate provided to said 
second compliant device from said compliant device via a 
communication link therebetween. 

30 29. A system for protecting content comprising: 

a plurality of devices providing compliant operation 
which at least proscribes the use and communication of 
a content key associated with a protected content, and 
wherein said plurality of compliant devices comprise: 
35 a use device having a secure storage area associated 
therewith, wherein said use device includes a public/ 
secret cryptographic key set, wherein a secret key of 
said public/secret cryptographic key set is stored in 
said secure storage area; and 
40 a storage device storing identification of compliant 
devices authorized for use with said content, wherein 
said storage device has a secure storage area asso- 
ciated therewith storing said content key which is 
passable to said use device only if said use device is 
identifiable with said identification of devices autho- 
rized for use with said content, 

30. The system of claim 29, further comprising: 
a set of content use rules wherein portions of said content 

use rules are selectable to be associated with protected 
content in order to define authorized uses thereof, 
wherein use of protected content by said use device is 
in accordance with portions of said content use rules 
associated therewith. 

31. The system of claim 29, wherein said protected 
content comprises: 

an encryption of said content, a content key associated 
with said encryption of said content, an identification of 
devices authorized for use with said content, and a 
subset of said content use information defining autho- 
60 rized use of said content. 

32. The system of claim 29, wherein said secure storage 
area associated with said use device is disposed in a security 
device including a memory, a processor, and an instruction 
set incarcerated in a tamper resistant housing removably 

65 coupled to a remainder of said use device. 
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